2.1. Initial and pre-authenticated tickets

2.1. Initial and pre-authenticated tickets

The INITIAL flag indicates that a ticket was issued using the AS
protocol and not issued based on a ticket-granting ticket.
Application servers that want to require the knowledge of a client's
secret key (e.g., a passwordchanging program) can insist that this
flag be set in any tickets they accept, and thus be assured that the
client's key was recently presented to the application client.

The PRE-AUTHENT and HW-AUTHENT flags provide addition information
about the initial authentication, regardless of whether the current
ticket was issued directly (in which case INITIAL will also be set)
or issued on the basis of a ticket-granting ticket (in which case the
INITIAL flag is clear, but the PRE-AUTHENT and HW-AUTHENT flags are
carried forward from the ticket-granting ticket).